656ed796b9
[etcd] make etcd 3.5.16 default ( #11572 )
...
* [etcd] make etcd 3.5.16 default
* Update etcd binary checksums for version 3.5.16 and lower
2024-09-26 09:12:01 +01:00
e355bef79b
fix: vsphere image repositories, tags and docs ( #11564 )
...
The old repository for these has been deleted, leaving the previous
configuration not possible to deploy, and even currently running clusters
fail after a restart as the DeameonSet has ImagePullPolicy: Always. More
details can be found here: kubernetes-sigs/vsphere-csi-driver#3053
As of writing, only CSI driver versions 3.1.2 to 3.3.1 is available in
this registry. This "officially" supports Kubernetes 1.26 to 1.30. Since
older drivers are not available, I have removed some feature-gating for
those unavailable versions while I was at it. For the cloud provider,
the `latest` image is now missing, and only 1.28.0 to 1.31.0 are
available. I've set the latest of these as the new default.
I also updated the documented default versions, as they were all out of
date and not aligned with actual code defaults.
2024-09-26 08:22:02 +01:00
15bb5b0789
[kubernetes] Support kubernetes 1.31.1 ( #11533 )
2024-09-25 05:10:01 +01:00
fbcc8cc336
control-plane: refactor group membership test
...
Testing with group_names does not require the groups to exist.
2024-09-24 11:16:32 +02:00
0679d9c8e9
metrics-server: proper defaults, cleaner deploy template
2024-09-24 11:16:32 +02:00
dba00f2d85
metrics-server: Unconditional control-plane tolerations
...
There is no harm on having unneeded toleration when control-plane node
are not tainted, so simplify the template to always use the toleration.
2024-09-24 11:16:31 +02:00
9f45552201
Cleanup redundancy
...
k8s_cluster = kube_control_plane + kube_node
2024-09-24 11:16:30 +02:00
ee0d9c5428
remove-etcd-node: cleanups, correct change semantics
2024-09-24 09:11:32 +02:00
2a52e5f08c
remove-etcd-node: refactor shell to ansible filters
...
Remove unnecessary error handling. If the node ip is not defined, is
does not change anything whether we fail early of late.
2024-09-24 09:08:54 +02:00
a2a2dfa419
k8s/control-plane: cleanup excessive defaulting
2024-09-23 20:37:56 +02:00
baf0a331c9
Don't generate static tokens for nodes and control planes
...
Nodes to api-server relies by default certificates, and bootstrap
tokens, and there should be no need to generate tokens for every nodes,
even when enabling static token auth.
2024-09-23 16:58:42 +02:00
1c0718bb7d
update containerd 1.7.22 ( #11554 )
2024-09-23 15:31:59 +01:00
03a055c383
Merge pull request #10643 from VannTen/cleanup/k8s_node_templates
...
Refactor kubernetes/node templates
2024-09-23 14:16:00 +01:00
2ec1c93897
Test group membership with group_names
...
Testing for group membership with group names makes Kubespray more
tolerant towards the structure of the inventory.
Where 'inventory_hostname in groups["some_group"] would fail if
"some_group" is not defined, '"some_group" in group_names' would not.
2024-09-21 14:09:09 +02:00
93ee1226eb
Merge pull request #11521 from VannTen/cleanup/deduplicate_kubeadm_control_plane
...
Use in inventory variables rather than patch files for kubeadm_patches
2024-09-20 01:05:14 +01:00
4323e5d039
Reset operation, disable service enabled and clean container's logs. ( #11501 )
2024-09-19 19:14:37 +01:00
893e9cb177
Merge pull request #11471 from VannTen/feat/config_plugin_list
...
Update the list of admission plugins which needs config
2024-09-18 13:18:44 +01:00
e550118314
Allow setting annotations on ingress-nginx service ( #11544 )
2024-09-18 11:54:44 +01:00
c3de25c782
Move the CRI endpoint setting to kubelet config ( #11550 )
...
The `--container-runtime-endpoint` kubelet argument is deprecated in
favor of the config file alternative.
2024-09-18 01:34:45 +01:00
c601c8faf2
fix: Swap kubespray-defaults & boostrap-os ( #11441 )
...
- Execute boostrap-os before so that Python is installed for kubespray-defaults
- Remove outdated kubespray-defaults dependency on boostrap-os
2024-09-12 22:21:12 +01:00
c87097fc35
Document how to use kubeadm patches
2024-09-12 10:31:09 +02:00
8e254ec1e8
kubeadm: allow to provide patch inline in inventories
...
Specifying one directory for kubeadm patches is not ideal:
1. It does not allow working with multiples inventories easily
2. No ansible templating of the patch
3. Ansible path searching can sometimes be confusing
Instead, provide the patch directly in a variable, and add some quality
of life to handle components targeting and patch ordering more
explicitly (`target` and `type` which are translated to the kubeadm
scheme which is based on the file name)
2024-09-10 20:37:14 +02:00
a8b66fd207
Deduplicate kubeadm_patches tasks
...
kubernetes/control-plane and kubernetes/kubeadm roles both push kubeadm
patches in the same way.
Extract that code and make it a dependency of both.
This is safe because it's only configuration for kubeadm, which only
takes effect when kubeadm is run.
2024-09-10 17:39:31 +02:00
d54cfba6c2
Fix SAN check on newer versions versions of openssl ( #11277 )
2024-09-09 10:04:27 +01:00
538a1f2791
Update multus to v4.1.0 and clarify cilium compatibility ( #11434 )
...
* Update multus to v4.1.0 and clarify cilium compatibility
* Fix: bug introduced by #10934 where the template would break if multus was defined
* Set priorityClassName to system-node-critical for multus pods
2024-09-09 03:56:27 +01:00
fe60832a02
Remove kubelet_node_{custom_flags,config_extra_args}
...
There is no need to have an extra variables for this, just use different
values per host (using Ansible group_vars, for example)
2024-09-06 09:35:34 +02:00
1bc61c9f35
Simplify kubelet-config template
...
Remove system|kube_master_<resource>_reserved variables.
Those variables are unnecessary because users can simply use the
variables in group_vars if they which to differentiate control plane
nodes from other nodes.
Set conservative defaults for ephemeral-storage and pids for both kube
and system reserved resources.
2024-09-06 09:33:07 +02:00
1533d40411
Fix kube_reserved_cgroups_for_service_slice
...
The default value is used across kubespray but only defined in
kubernetes/node.
Move it to kubespray-defaults
2024-09-06 09:25:23 +02:00
4b324cb0f0
Rename master to control plane - non-breaking changes only ( #11394 )
...
K8s is moving away from the "master" terminology, so kubespray should follow the same naming conventions. See 65d886bb30/sig-architecture/naming/recommendations/001-master-control-plane.md
2024-09-06 07:56:19 +01:00
f9ebd45c74
boostrap-os: use import_tasks instead of symlinks ( #11508 )
...
Working symlinks are dependant on git configuration (when using the playbook as
a git repository, which is common), precisely `git config
core.symlinks`.
While this is enabled by default, some company policies will disable it.
Instead, use import_tasks which should avoid that class of bugs.
2024-09-05 08:24:49 +01:00
7f527f6195
Drop support for RHEL 7 / CentOS 7 ( #11246 )
...
* Simplify docker systemd unit
systemd handles missing unit by ignoring the dependency so we don't need
to template them.
* Remove RHEL 7/CentOS 7 support
- remove ref in kubespray roles
- move CI from centos 7 to 8
- remove docs related to centos7
* Remove container-storage-setup
Only used for RHEL 7 and CentOS 7
2024-09-05 07:41:01 +01:00
3da6c4fc18
Allow for configuring etcd progress notify interval and default set to 5s ( #11499 )
2024-09-05 06:29:05 +01:00
e744a117d6
Remove systemd version + ostree check for docker TasksMax ( #11493 )
...
systemd ignores unknown keys (with a warning) so version checking is not
necessary.
There is no rationale for excluding it from ostree systems either.
2024-09-02 13:16:57 +01:00
03372d883a
upgrade nerdctl to v1.7.6 ( #11492 )
...
Signed-off-by: Jongwoo Han <jongwooo.han@gmail.com>
2024-09-01 11:20:44 +01:00
8a961a60c2
Feat: Gateway API CRDs install support ( #11376 )
...
* Feat: add Gateway API CRDs installation
Signed-off-by: ChengHao Yang <17496418+tico88612@users.noreply.github.com>
* Feat: add Gateway API CRDs variable in inventory
Signed-off-by: ChengHao Yang <17496418+tico88612@users.noreply.github.com>
---------
Signed-off-by: ChengHao Yang <17496418+tico88612@users.noreply.github.com>
2024-08-31 08:24:45 +01:00
db0138b2f9
fix: incorrect member matching when removing etcd nodes ( #11488 )
...
Signed-off-by: bo.jiang <bo.jiang@daocloud.io>
2024-08-31 08:20:44 +01:00
27c7dc7008
upgrade helm to v3.15.4 ( #11486 )
2024-08-30 06:39:30 +01:00
acc5e579f6
Add conditional checking on ubuntu kernel unattended_upgrades disabling ( #11479 )
...
Signed-off-by: tu1h <lihai.tu@daocloud.io>
2024-08-29 15:47:39 +01:00
924a979955
Calico v3.28.[0-1] checksums and change calico default version ( #11234 )
...
* make calico api server manifest backward compatible with version older than 3.27.3
Add 3.28.1 checksums
Add 3.28.0 checksums
Change default version to 3.27.3
* change default calico version to 3.28.1
* Set mount type to DirectoryOrCreate for hostPath needed by Calico
2024-08-29 12:10:28 +01:00
6acb44eeaf
update containerd 1.7.21 ( #11478 )
2024-08-29 04:22:29 +01:00
c89ea7e4c7
Fix: remove --config option from kubeadm upgrade ( #11350 ) ( #11352 )
...
We can't mix some options with --config for kubeadm upgrade.
The --config on upgrade is deprecated, and should be removed.
2024-08-29 03:08:29 +01:00
3d9e4951ce
fix static api server advertise address ( #11457 )
2024-08-28 15:20:56 +01:00
776b40a329
Adjust task name since we allow empty kube_node ( #11474 )
2024-08-28 06:35:02 +01:00
a3d0ba230d
Remove kubeadm_version and use kube_version instead ( #11473 )
...
We explicitly check for equality so customizing kubeadm_version does not
work at the moment.
Use only one variable instead.
2024-08-28 06:34:56 +01:00
9a7b021eb8
Do not use ‘yes/no’ for boolean values ( #11472 )
...
Consistent boolean values in ansible playbooks
2024-08-28 06:30:56 +01:00
961a6a8c9e
fix reset network for tencent OS ( #11459 )
...
Signed-off-by: KubeKyrie <shaolong.qin@daocloud.io>
2024-08-26 15:32:08 +01:00
5b057c7328
Update list of admission plugins with a config file
2024-08-26 14:53:20 +02:00
d3402736d4
Remove special case for PodNodeSelector
...
This is already handled by the previous task.
2024-08-26 14:43:00 +02:00
47c3949477
Change plugins_needs_config list format
...
Makes easier diff when adding or removing plugins.
2024-08-26 14:42:04 +02:00
2f84567a69
Add containerd config options ( #11080 )
...
* chore(containerd): add some config debug options
See: https://github.com/containerd/containerd/blob/v1.7.15/docs/man/containerd-config.toml.5.md
* chore(containerd): add CRI config options
See: https://github.com/containerd/containerd/blob/v1.7.15/docs/man/containerd-config.toml.5.md
See: https://github.com/containerd/containerd/blob/v1.7.15/docs/cri/config.md
2024-08-21 05:13:05 +01:00
c4338687e1
[ingress-nginx] upgrade to 1.11.2 ( #11463 )
2024-08-19 06:10:27 -07:00
ad1ce92b41
Update node-feature-discovery to v0.16.4 ( #11250 )
2024-08-19 05:59:30 -07:00
1093c76f9b
bump k8s version ( #11455 )
2024-08-19 00:12:33 -07:00
0306771c29
fix: cleanup networkmanager dns conf on reset ( #11440 )
2024-08-15 06:43:19 -07:00
390d74706c
[kube-ovn] update version to 1.12.21 ( #11445 )
...
Signed-off-by: Mengxin Liu <liumengxinfly@gmail.com>
2024-08-15 06:39:18 -07:00
fe4cbbccd1
fix: correct resolvconf typo ( #11439 )
2024-08-14 02:07:55 -07:00
e43e08c7d1
fix: use super-admin.conf for kube-vip on first master when it exists ( #11422 )
...
* fix: use super-admin.conf for kube-vip when it exists
* Mathieu Parent add as co-author
Co-authored-by: Mathieu Parent <math.parent@gmail.com>
* template change for readability
* fix lint error
---------
Co-authored-by: Mathieu Parent <math.parent@gmail.com>
2024-08-10 21:35:58 -07:00
28712045a5
bump cni version to v1.4.0 ( #10698 )
2024-08-10 05:25:58 -07:00
1968db9a52
fix: skip multus when not defined ( #10934 )
...
fix task failure:
TASK [kubernetes-apps/network_plugin/multus : Multus | Start resources] ************************************************
fatal: [hfal12k8n1 -> {{ groups['kube_control_plane'][0] }}]: FAILED! => {"msg": "Error in jmespath.search in json_query filter plugin:\n'ansible.vars.hostvars.HostVarsVars object' has no attribute 'multus_manifest_2'"}
2024-08-06 03:42:50 -07:00
cc03ca62be
Avoid empty "supersede domain-name-servers" directives for dhclient.conf ( #10948 )
...
Fixes https://github.com/kubernetes-sigs/kubespray/issues/10947
This patch aims to be minimal and intentionally:
- does not change the generation logic for `supersede_domain` and `supersede_search`
- does not change how `nameserverentries` (for NetworkManager) is built
It seems like `nameserverentries` in the "Generate nameservers for resolvconf, including cluster DNS"
task is built the same way as `dhclient_supersede_nameserver_entries_list`.
However, `nameserverentries` in the "Generate nameservers for resolvconf, not including cluster DNS"
task (below) is built differently for some reason. It includes `configured_nameservers` as well.
Due to these differences, I have refrained from reusing the same building logic
(`dhclient_supersede_nameserver_entries_list`) for both.
If the `configured_nameservers` addition can be removed or made to apply
to dhclient as well, we could potentially build a single list and then
generate the `nameserverentries` and `supersede_nameserver` strings from it.
2024-08-06 03:38:51 -07:00
5f18fe739e
Restart kube-proxy pods only on configmap changes ( #11401 )
2024-08-06 00:50:50 -07:00
343d680371
fix kylin OS choose NetworkManager ( #11406 )
...
Signed-off-by: KubeKyrie <shaolong.qin@daocloud.io>
2024-08-05 03:34:59 -07:00
3d1653f950
[containerd] add hashes for versions '1.6.32-34', 'v1.7.17-20' and make v1.7.20 default ( #11413 )
2024-08-05 02:48:07 -07:00
4e99b94dcc
Add generic post upgrade hooks for node ( #11368 )
2024-07-31 21:58:48 -07:00
54ac5a6de4
Update cni-kube-ovn.yml.j2 ( #11357 )
...
Made corrections in Indentation at L658 which causes kubespray execution failed with YAML to Json conversion. #11356
2024-07-31 21:58:39 -07:00
8d497b49a6
[kubernetes] Add hashes for kubernetes 1.29.7, 1.28.[11-12] ( #11407 )
2024-07-31 03:50:56 -07:00
86f980393c
Merge pull request #11402 from tu1h/fix_centos_baserepo
...
Check CentOS-Base.repo exists for CentOS 7
2024-07-30 11:08:22 +08:00
d469503e84
Make netchecker log levels configurable ( #11334 )
...
* Make netchecker log levels configurable
* use ETCD_LOG_LEVEL
2024-07-28 23:57:56 -07:00
351832ba1d
Check CentOS-Base.repo exists for CentOS 7
...
Signed-off-by: tu1h <lihai.tu@daocloud.io>
2024-07-29 13:49:14 +08:00
468c5641b2
fix kube_reserved so it only controls kubeReservedCgroup ( #11367 )
2024-07-26 01:39:20 -07:00
2299e49e0e
[containerd/tracing]: fix containerd tracing templating ( #11372 )
...
Signed-off-by: Ugur Ozturk <ugurozturk918@gmail.com>
2024-07-26 01:30:38 -07:00
c0fabccaf6
Add missing advertise-address flag to Kubeadm config, so it's passed to api-server ( #11387 )
2024-07-26 01:22:05 -07:00
2ac5b37aa9
Merge pull request #11391 from tico88612/bump/k8s-1.30.3
...
Make kubernetes v1.30.3 default
2024-07-26 16:15:01 +08:00
8208a3f04f
Rename systemd module to systemd_service ( #11396 )
...
Signed-off-by: tu1h <lihai.tu@daocloud.io>
2024-07-26 01:11:39 -07:00
2d194af85e
Limit nodes in gather ansible_default_ipv4 ( #11370 )
...
Signed-off-by: tu1h <lihai.tu@daocloud.io>
2024-07-25 19:17:48 -07:00
242edd14ff
Fix etcd certificate to acces address as SAN ( #11388 )
2024-07-25 18:49:23 -07:00
8f5f75211f
Improving yamllint configuration ( #11389 )
...
Signed-off-by: Bas Meijer <bas.meijer@enexis.nl>
2024-07-25 18:42:20 -07:00
56e26d6061
Bump: CRI-O from v1.30.2 to v1.30.3
...
Signed-off-by: ChengHao Yang <17496418+tico88612@users.noreply.github.com>
2024-07-21 21:54:41 +08:00
513e18cb90
Bump: Kubernetes from v1.30.2 to v1.30.3
...
Signed-off-by: ChengHao Yang <17496418+tico88612@users.noreply.github.com>
2024-07-21 21:54:16 +08:00
5f35b66256
Bump: OpenStack Cloud Controller Manager to 1.30.0 ( #11358 )
...
Signed-off-by: tico88612 <17496418+tico88612@users.noreply.github.com>
2024-07-16 02:22:54 -07:00
bab0398c1e
Bump Cinder CSI Plugin to v1.30.0 ( #11374 )
...
* Chore: bump cinder-csi-plugin from v1.29.0 to v1.30.0
Signed-off-by: tico88612 <17496418+tico88612@users.noreply.github.com>
* Docs: update README.md cinder-csi-plugin version
Signed-off-by: tico88612 <17496418+tico88612@users.noreply.github.com>
---------
Signed-off-by: tico88612 <17496418+tico88612@users.noreply.github.com>
2024-07-13 02:01:08 -07:00
464cc716d7
Feat: Update CentOS 7 EOL package to vault.centos.org ( #11360 )
...
Signed-off-by: tico88612 <17496418+tico88612@users.noreply.github.com>
2024-07-08 04:36:52 -07:00
1ebd860c13
[kubernetes] Add hashes for kubernetes 1.29.6 ( #11351 )
...
Signed-off-by: bo.jiang <bo.jiang@daocloud.io>
2024-07-05 00:18:25 -07:00
a0d03d9fa6
[kubernetes] Support kubernetes 1.30.2 ( #11343 )
2024-07-03 00:06:20 -07:00
0bcedd4603
Make local_volume_provisioner log level configurable ( #11336 )
2024-07-02 07:14:06 -07:00
413572eced
Make calico-kube-controllers log level configurable ( #11335 )
2024-07-02 07:13:59 -07:00
348335ece5
[cert-manager] upgrade to v1.14.7 ( #11341 )
...
* Feat: upgrade cert-manager crd to 1.14.7
Signed-off-by: tico88612 <17496418+tico88612@users.noreply.github.com>
* Feat: upgrade cert-manager download version to 1.14.7
Signed-off-by: tico88612 <17496418+tico88612@users.noreply.github.com>
---------
Signed-off-by: tico88612 <17496418+tico88612@users.noreply.github.com>
2024-07-02 00:19:58 -07:00
ee3fef1051
[kubernetes] Add hashes for kubernetes 1.30 ( #11109 ) ( #11261 )
...
Add hashes to crictl, crio, kubelet, kubectl and kubeadm
2024-07-02 00:15:59 -07:00
ff18f65a17
add ingress controller svc nodeport param ( #11310 )
2024-06-30 21:58:05 -07:00
cce585066e
Bump CNI weave 2.8.1 to 2.8.7 (community version) ( #11228 )
...
Signed-off-by: tico88612 <17496418+tico88612@users.noreply.github.com>
2024-06-26 02:40:27 -07:00
619938da95
add the ability to configure extra args to the different cinder-csi-p… ( #11169 )
...
* add the ability to configure extra args to the different cinder-csi-plugin containers
* endfor block added to be syntactically correct jinja
2024-06-26 02:40:20 -07:00
88b502f29d
add ingress controller admission svc ( #11309 )
2024-06-26 02:30:41 -07:00
db316a566d
dependencies for kubelet.service ( #11297 )
...
Signed-off-by: serge Hartmann <serge.hartmann@gmail.com>
2024-06-26 02:30:34 -07:00
817c61695d
Support disable unattended-upgrades for Linux kernel and all packages start with linux- on Ubuntu ( #11296 )
...
Signed-off-by: tu1h <lihai.tu@daocloud.io>
2024-06-26 02:30:27 -07:00
0c84175e3b
Bump docker_containerd to 1.6.32 ( #11293 )
...
Signed-off-by: tu1h <lihai.tu@daocloud.io>
2024-06-26 02:30:21 -07:00
cae266a045
Upgrade upcloud csi driver to v1.1.0 and add snapshot features ( #11303 )
2024-06-26 02:26:21 -07:00
c352773737
fix task Set label to node ( #11307 )
2024-06-25 06:35:40 -07:00
27cb22cee4
update docker cli version for ubuntu ( #11291 )
...
Signed-off-by: bo.jiang <bo.jiang@daocloud.io>
2024-06-24 05:20:56 -07:00
edce2b528d
add cilium_hubble_event_buffer_capacity & cilium_hubble_event_queue_size vars ( #10943 )
2024-06-23 20:14:56 -07:00
921b0c0bed
Add options to control images pulling of kubelet ( #11094 )
...
Signed-off-by: tu1h <lihai.tu@daocloud.io>
2024-06-21 07:54:54 -07:00
janosbabik
Bakke
Philip Sabri
Max Gautier
Baargav
Kubernetes Prow Robot
Leeon Fu
Qasim Mehmood
Kevin Huang
M. Hamzah Khan
Bogdan Sass
刘旭
Jongwoo Han
ChengHao Yang
ERIK
Kay Yan
Lihai Tu
Ehsan Golpayegani
Takuya Murakami
Selçuk Arıbalı
Vlad Korolev
kyrie
Lola Delannoy
Mohamed Omar Zaian
kokyhm
Ho Kim
Mengxin Liu
Cyclinder
Not Darko
Slavi Pantaleev
Injun Baeg
James
Sanyam Shah
Erwan Miran
tu1h
R. P. Taylor
Ugur Can Ozturk
Tom M.
Bas
Keita Mochizuki
Alexander
Serge Hartmann
Elias-elastisys
Daniil Muidinov
peterw